Meta Reveals Massive Social Media Cyber Espionage Operation in South Asia

Three different threat actors utilized hundreds of elaborate fictitious personas on Facebook and Instagram to target individuals located in South Asia as part of separate attacks.

“Each of these APTs relies heavily on social engineering to trick people into clicking malicious links, downloading malware, or sharing personal information on the internet,” Guy Rosen, chief information security officer at Meta, said. “This investment in social engineering means that these threat actors don’t need to invest as much on the malware side of things as they could.”

The fake accounts, in addition to using traditional lures such as women seeking a romantic relationship, also pose as recruiters, journalists or military personnel.

At least two of the cyber espionage efforts involve the use of low-skill malware with reduced capabilities, most likely in an attempt to pass the app verification checks put in place by Apple and Google.

One of the groups that has come under Meta’s radar is a Pakistan-based advanced persistent threat (APT) group which relies on a network of 120 accounts on Facebook and Instagram, along with malicious apps and websites, to infect military personnel in India and in the Pakistan Air Force with GravityRAT under the guise of cloud storage and entertainment applications.

The tech giant also removed around 110 accounts on Facebook and Instagram linked to an APT identified as Bahamut, which targeted activists, government employees and military staff in India and Pakistan with Android malware published on the Google Play Store. The app, which was disguised as a secure chat or VPN app, has since been removed.

Finally, Meta purged 50 accounts on Facebook and Instagram linked to an India-based threat actor called Patchwork, which leveraged malicious apps uploaded to the Play Store to extract data from victims in Pakistan, India, Bangladesh, Sri Lanka, Tibet and China.

Meta also disrupted six adversarial networks from the US, Venezuela, Iran, China, Georgia, Burkina Faso and Togo which engaged in what it called “coordinated inauthentic behavior” on Facebook and other social media platforms such as Twitter, Telegram, YouTube, Medium, TikTok, Blogspot, Reddit, and WordPress.

All of these geographically dispersed networks are said to have set up fake news media brands, hacking groups and NGOs to build credibility, with three of them linked to a US-based marketing firm called Predictvia, a political marketing consultancy in Togo known as Groupe Panafricain pour le Commerce et l’Investissement (GPCI), and the Georgia Department of Strategic Communications.

Two networks of Chinese origin operated dozens of deceptive accounts, pages and groups on Facebook and Instagram to target users in India, Tibet, Taiwan, Japan and the Uyghur community.

In both cases, Meta said it removed the activity before they could “build an audience” on its service, adding it found an association linking one network to individuals associated with a Chinese IT company referred to as Xi’an Tianwendian Network Technology.

The networks from Iran, per the social media giant, primarily targeted Israel, Bahrain, and France, which corroborates a previous assessment from Microsoft about Iran’s involvement in the January 2023 hack of the French satirical magazine Charlie Hebdo.

“The people behind this network are using fake accounts to post, like and share their own content to appear more popular than ever, as well as to manage Pages and Groups posing as a team of hackers,” said Meta. “They also like and share other people’s posts on cybersecurity topics, possibly making the fake accounts appear more credible.”

The disclosure also coincides with a new report from Microsoft, which disclosed that actors allied with the Iranian state have increasingly relied on cyber-supported influence operations to “enhance, exaggerate, or compensate for deficiencies in network access or cyber attack capabilities” since June 2022.

The Iranian government has been linked by Redmond to 24 such operations in 2022, up from seven in 2021, including groups tracked as Staff of Moses, Justice of the Fatherland, Ax of Abraham, Holy Spirit, and DarkBit. Seventeen operations have been carried out since June 2022.

The Windows maker further said it observed “several Iranian actors trying to use bulk SMS messages in three cases in the second half of 2022, possibly to increase the amplification and psychological effect of their cyber influence operations.”

The shift in tactics was also marked by rapid exploitation of known security flaws, use of victim websites for command and control, and adoption of bespoke implants to evade detection and steal information from victims.

The operations, which singled out Israel and the US in retaliation for allegedly fomenting unrest in the country, sought to increase Palestinian resistance, stoke riots in Bahrain, and counter the normalization of Arab-Israeli relations.